Activists unveil stealth browser

Hacktivismo, a group of human-rights advocates and computer security experts, has released a Firefox-based browser designed to allow anonymous Web surfing.

The Web browser, called "Torpark," is a modified version of Portable Firefox. Released last week, it can be run directly from a USB drive, meaning it can be used on public terminals in cybercafes. It creates an encrypted connection to the TOR (The Onion Router) network, which supplies a succession of different IP addresses.

"Torpark causes the IP address seen by the Web site to change every few minutes, to frustrate eavesdropping and mask the requesting source," Hacktivismo said in a statement.

For example, a user could be in London and Web sites would see an IP address from a university in Germany, or other addresses belonging to the TOR network.

Hacktivismo operates under the aegis of the influential group the Cult of the Dead Cow. Developers said the browser is different from other anonymous browsers, such as Anonymizer or SecretSurfer, in that it doesn't cost anything and is small and portable.

Torpark uses English by default, but includes language packs for Arabic, German, French and simplified Chinese. More than 30 other language packs are available via links built into the browser, which is available here.

The Torpark site was available intermittently this week, because of heavy download traffic, developers said.

The browser encrypts data sent to the TOR network, but data isn't encrypted between TOR and the destination Web site, Hacktivismo cautioned. "Therefore, the user should not use his or her user name or password on Web sites that do not offer a secure login and session," the group stated.

The browser session is somewhat slower than with an unmodified browser, testers have reported. The browser resembles Firefox, but displays the IP address being used at the time, and includes a button for resetting the server connection.

The official launch follows more than a year of development work on Torpark. A sister application called Torbird is also available; it uses the TOR network for e-mail.

Matthew Broersma reported for ZDNet UK from London.

[freq]

smells like booby trap... but great concept!!

I really like the "idea" of the firefox trackmenot plugin.. although random link following to random depths needs to be added.. SOMEBODY PLEASE

the tor network is a great concept.. however, its under tight control of some of the biggest abusers of civil liberities the net has ever known!

if only a select "power hungry" few are able to peer into the traffic.. shouldnt everyones traffic be viewable to all?

the tor network needs everyones attention.. in the meantime.. that trackmenot plugin "could" secure not just "democracy" but even "capitalism"... hey! what a concept!

[unknown unknown]

RE

"however, its under tight control of some of the biggest abusers of civil liberities the net has ever known!"

Who might that be? The software is open source and anyone can become a node. Nodes are choosen by the TOR client at random to form the path. All information is encrypted until it hits an end point. The path is changed when a new site is requested.

[zyphbear]

NOT Booby Trap, EFF endorses TOR

Just as a quick note, the EFF fully supports TOR. They have a subdomain setup (as well as a link from the err.org main page.)

Other than only being able to use it where a firewall is not used, it's a great concept.

EFF's site: http://tor.eff.org/

[David Arbogast]

Isn't this just a proxy?

Sounds like a proxy server that rotates IPs for each client. Why on earth would I need a special browser for this?

[scdecade]

You're the expert

Since you feel comfortable giving log files as evidence in a criminal case...

[Penguinisto]

Yes and No...

[i]"Sounds like a proxy server that rotates IPs for each client. Why on earth would I need a special browser for this?"[/i]

If you're a chinese citizen (or live anywhere else where censorship runs rampant), it could come in very handy indeed. It doesn't leave tracks on your home machine that shows you popping through public (or other) proxies - rename the browser executable to something innocuous and you're a lot closer to safety than otherwise.

[unknown unknown]

RE

"Sounds like a proxy server that rotates IPs for each client. Why on earth would I need a special browser for this?"


You can goto http://tor.eff.org/ to find out the details how it works. Basicly a client picks a random encrypted path through several TOR servers and requests are directed through this path. In theory it become very diffcult to track a request that appears to be from from the end point TOR server back to it's source.

No you don't need a seperate browser for it, you can get the TOR software on your system and use it with any browser that supports proxy connections. TORPark was designed to portable so you can carry it on USB Drive and not have to install software.

[rfalbemuth]

Cult of the Dead Cow?

I remember their IP being blocked by default by my anti-virus software. They unleashed Back Orifice into the wild.

That probably explains the double-take reaction to the group being referred to as good guys.

I did a little research and found this:

Back Orifice:
http://en.wikipedia.org/wiki/Back_Orifice

Tor:
http://en.wikipedia.org/wiki/Tor_(anonymity_network)

I wonder if Eff's endorsment of Tor implies an endorsement of Cult of the Dead Cow.

--

[internetdog]

Cult of the BlueScreenOfDeath?

Does the fact that groups like the Cult of the Dead Cow have members that would never use Microsoft IE themselves for fear of being tracked or cracked imply that we should like Microsoft? I think not.

Does the use of a well intentioned privacy tool by people that we do not want to have privacy (that category varies from individual to individual, of course) mean that the tool is evil?
I don't think so, but that is a personal opinion.
Inetdog

[SeizeCTRL]

black/white hatters...

One thing to keep in mind that the guys over at L0pht, made L0pht Crack which was a great way to get NT passwords... Symantec eventually bought out the rights to it and LCPro is used by sysadmins now to determine password security and which users have very weak passwords... so just because some guys have a dark past does not mean that everything they do in the future will be shady and untrustworthy...

Remember Apple got their start by selling blue boxes which were nifty little illegal devices for rerouting phone calls.

I met the CDC guys a few times at Def Con back in the 90s... they seemed pretty cool and on top of technology. Back Orfice really is not any different than VNC or Remote Desktop, it just provided a back end to access remote computers.

[zaznet]

Thinking backwards...

You are mixing products here.

The EFF supports TOR, an anonymous network.

CotDC created a browser package that makes use of the TOR network to browse the web.

Saying the EFF supports any activities of the CotDC would be like saying the DOT supports vehicular manslaughter because they paved the roads.

[freq]

where its at... IMHO

if we are to subject everyone to wireless pollution... we might as well be using a similiar concept but applied to p2p HAM..

[KsprayDad]

Tor and FireFox

Have been using Tor with FF (and the xyzproxy extension) for over a year.

A little slow but worth it if you need to keep a part of your browsing anonymous.

Someone mentioned you need to use this on a non firewalled computer...not true, I have both hardware and software firewalls and TOR works fine.

[internetdog]

It depends on whether you administer the firewall or not.

If the program needs to connect to port 8118 of the first TOR node and the firewall is a corporate or network firewall that you do not control, then you may restricted to "standard" ports like 80 and 443.

If you control the firewall and can authorize connecting to the port, then no problems.

If you have a way to connect to TOR using only standard ports, then also no problem.

[baswwe]

Does not prevent your ISP's from storing your data - so the FEDS can still

so the FEDS can still come a knocking on your door!!

[Hardrada]

If you use Tor properly

and turn off java, javascript and flash.
and delete cookies when you close the browser
Then you are perfectly safe.
an opponent would have to observe the whole
tor network at once to trace your origin

[umbrae]

No so...

The ISP will store the time, date, origin and target of the connection. However, your connection should be with the TOR cloud. So the FBI would know that you connected to an anonymous cloud, but would not be able to see past that.

TOR was originally funded by the US Naval Research Laboratory to allow the anonymous and untrackable way to pass documents back and forth. For more information:

http://en.wikipedia.org/wiki/Tor_(anonymity_network)

[eriksmalley]

how so?

if the data is encrypted from your pc to their server then the ISP really cannot see what you are browsing, only that you are connected. AS long as you are not using your ISP's DNS server.

[Tephlon]

Torpark Installer

Even though Torpark is a portable application, there are many people who might be interested in trying it out who are not comfortable with a "no install" installation. Thus, I have created a Torpark installer and a step-by-step guide for using it.

If anyone is interested, the installer and guide are available from http://www.dailycupoftech.com/?page_id=165.